package com.cst.security.authentication.config;

import com.cst.security.baseUtils.properties.OAuth2ClientProperties;
import com.cst.security.baseUtils.properties.SecurityProperties;
import org.apache.commons.lang3.ArrayUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.config.annotation.builders.InMemoryClientDetailsServiceBuilder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;


//认证服务配置
//可以改成从数据库中读取clientId 新建类 BootClientDetailsService 实现ClientDetailsService 接口，覆盖loadClientByClientId(String clientId)方法，将其声明为spring组件
//参考 https://blog.csdn.net/qq_31063463/article/details/83073739

@Configuration
@EnableAuthorizationServer
public class CstAuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

	@Autowired
	private SecurityProperties securityProperties;

	@Override
	public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
		//token的操作都是被允许的，比如根据refresh_token来刷新access_token
		security
				.tokenKeyAccess("permitAll()")
				.checkTokenAccess("permitAll()")
				.allowFormAuthenticationForClients();
		super.configure(security);
	}

	@Override
	public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
		/*
		super.configure(clients);
		clients.inMemory()
				.withClient("clientId_1")
				.secret("clientSecret_1")
				.accessTokenValiditySeconds(3600)//令牌有效时间 60分
				.authorizedGrantTypes("password", "refresh_token")//是一个数组，针对这个应用的授权模式 一般有四种模式，也可以自定义模式 这里用password、refresh_token 模式
				.scopes("all", "read", "write")//是一个数组，自己发过来的权限一定要属于这三种之内才可以，没发过来走默认
				.authorities("client");
        */

		//从配置文件读取
		InMemoryClientDetailsServiceBuilder builder = clients.inMemory();
		OAuth2ClientProperties config = securityProperties.getOauth2();
		builder.withClient(config.getClientId())
				.secret(config.getClientSecret())
				.accessTokenValiditySeconds(config.getAccessTokenValidateSeconds())
				.refreshTokenValiditySeconds(config.getRefreshTokenValiditySeconds())
				.authorities()
				.authorizedGrantTypes("password", "refresh_token")
				.scopes("all", "read", "write");
	}

	@Autowired
	private UserDetailsService userDetailsService;

	@Override
	public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
		//super.configure(endpoints);
		//endpoints.authenticationManager(authenticationManager);
		endpoints.userDetailsService(userDetailsService);
	}
}
